#VU91480 Race condition in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91480

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26779

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c and within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587
http://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5
http://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd
http://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d
http://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696
http://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954
http://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9
http://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

